NetWare 4.1/9000 Concepts

NetWare Glossary
S
When a user is added to the membership list of a Group object or the
occupant list of an Organizational Role object, the Group or Organizational
Role is listed in that user's security equivalence.
By using a security equivalence, you avoid having to review the whole
directory structure and determine which rights need to be assigned to which
directories, files, and objects.
Use security equivalence with caution. If users have rights to add to their
own security equivalence list, they could add the name of a network
supervisor and change anything on the network. Be careful when granting
the Write or Supervisor property right to this property, and consider blocking
it in the Inherited Rights Filter of each User object. This way, only network
supervisors and those granted specific rights to this property can add to the
list.
Users who manage other users should be granted the Write right to this
property. This allows user account managers to make users security
equivalent to other users that they manage.
Every object is security equivalent to all container objects that are part of its
complete name. Because of this, you can make a container a trustee.
Every object in that container will have the rights that are granted to the
container, through security equivalence. None of these containers are listed
in a user's security equivalence list, however.
Security equivalence is not transitive; that is, if Tom is security equivalent to
Jill, and Jill is security equivalent to Bob, Tom is not security equivalent to
Bob through Jill. Security equivalence only grants Tom those rights that Jill
is explicitly granted.
To add an object to a user's security equivalence list, you must have at least
the Write property right to the ACL property of the object you want to add to
the list. You don’t need rights to the security equivalence property of the
user; only the Browse object right.
In networks containing confidential data that only selected users have access
to, take care that you don’t inadvertently give a user access to restricted
information.
Related utility: “NETADMIN” (Utilities Reference).
See also “User object.”
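
The rules in this entry (implied equivalence to containers, no transitivity, and the risk of users who can write to their own list), modeled as an added example. It is not Novell code; the object names, the grants, and the "object:property" target notation are constructed assumptions, and the model covers explicit trustee assignments only.

```python
# Constructed model; object names and grants are illustrative assumptions.
# Inheritance, the Inherited Rights Filter, [Root] and [Public] are left out.
SECURITY_EQUALS = {
    "Tom.Sales.Acme": ["Jill.Sales.Acme", "Clerks.Sales.Acme"],  # Clerks: a Group
    "Jill.Sales.Acme": ["Bob.IT.Acme"],
}
# (trustee, target, rights): explicit trustee assignments
GRANTS = [
    ("Bob.IT.Acme", "PAYROLL", {"Supervisor"}),
    ("IT.Acme", "TOOLS", {"Read"}),
    ("Jill.Sales.Acme", "REPORTS", {"Read", "File Scan"}),
    ("Sales.Acme", "SHARED", {"Read"}),  # container used as a trustee
    ("Clerks.Sales.Acme", "Tom.Sales.Acme:Security Equals", {"Write"}),
]

def containers(name):
    """'Tom.Sales.Acme' -> ['Sales.Acme', 'Acme']"""
    parts = name.split(".")
    return [".".join(parts[i:]) for i in range(1, len(parts))]

def equivalents(user):
    """Objects whose explicit grants apply to user: itself, its Security
    Equals entries (one hop, never followed further), its own containers."""
    return {user, *SECURITY_EQUALS.get(user, ()), *containers(user)}

def effective_rights(user, target):
    eq = equivalents(user)
    rights = set()
    for trustee, tgt, granted in GRANTS:
        if tgt == target and trustee in eq:
            rights |= granted
    return rights

def self_escalation_risks(users):
    """Users able to edit their own Security Equals list."""
    return sorted(u for u in users
                  if effective_rights(u, u + ":Security Equals")
                  & {"Write", "Supervisor"})

if __name__ == "__main__":
    tom, jill = "Tom.Sales.Acme", "Jill.Sales.Acme"
    print(effective_rights(tom, "REPORTS"))   # reaches Tom through Jill
    print(effective_rights(tom, "PAYROLL"))   # Bob's grant does not reach Tom
    print(effective_rights(jill, "TOOLS"))    # grant to Bob's container stays with Bob
    print(self_escalation_risks([tom, jill]))
```

Any user returned by self_escalation_risks is a candidate for blocking the Write and Supervisor property rights in that User object's Inherited Rights Filter or for removing the group's grant.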